In an in-vehicle network, it is required to sense and prevent an attack that causes unauthorized data to invade and erroneously operate the in-vehicle network. To fulfill this requirement, an ID to be monitored is stored in advance in a filter table, and a transmission cycle of a message with the stored ID is checked, whereby such invasion of the unauthorized data is detected. That is, if a regular transmission node is periodically transmitting a message of a predetermined ID, when an unauthorized transmission node transmits unauthorized data in a spoofing attack, then the unauthorized data is detectable since a cycle of the unauthorized data is abnormal (for example, see PTL 1).